phpmyadmin -- cross-site scripting vulnerability

ID 2D2DCBB4-906C-11DC-A951-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


The DigiTrust Group reports:

When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since db_create.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when the database names are displayed.
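
The following is an added example, not phpMyAdmin's code and not part of the DigiTrust report. It shows the two controls the report's description points to: a server-side check on the `db` value at creation time, and output encoding when stored database names are listed. The function names, the `db_details.php` link target, the allowlist policy and the sample names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyAdmin source. Function names and the
// "db_details.php" link target are hypothetical.

// Server-side allowlist for a new database name (assumed policy: the
// characters MySQL permits in unquoted identifiers, at most 64 of them).
// It runs on the server because a proxy can rewrite the POST body after
// any browser-side check.
function isAcceptableDbName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_$]{1,64}\z/', $name) === 1;
}

// "Before": stored names are concatenated into the page unchanged.
function renderDbListUnescaped(array $names): string
{
    $html = '';
    foreach ($names as $name) {
        $html .= '<li><a href="db_details.php?db=' . $name . '">' . $name . "</a></li>\n";
    }
    return $html;
}

// "After": each value is encoded for the context it lands in
// (URL component inside an attribute, then HTML text).
function renderDbListEscaped(array $names): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html = '';
    foreach ($names as $name) {
        $href = 'db_details.php?db=' . rawurlencode($name);
        $html .= '<li><a href="' . htmlspecialchars($href, $flags, 'UTF-8') . '">'
               . htmlspecialchars($name, $flags, 'UTF-8') . "</a></li>\n";
    }
    return $html;
}

// Constructed sample data: one name was stored with markup in it.
$stored = ['inventory', 'x<script>alert(1)</script>', 'a"b&c'];

foreach ($stored as $name) {
    printf("%-30s accepted at creation: %s\n", $name, isAcceptableDbName($name) ? 'yes' : 'no');
}
echo "\nUnescaped listing:\n", renderDbListUnescaped($stored);
echo "\nEscaped listing:\n", renderDbListEscaped($stored);
```

Encoding at display time is the control that matters for names already stored before any input check existed; the allowlist only limits what can be created afterwards.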